Lucene search

K
freebsdFreeBSDE59FED96-60DA-11EE-9102-000C29DE725B
HistorySep 01, 2023 - 12:00 a.m.

mediawiki -- multiple vulnerabilities

2023-09-0100:00:00
vuxml.freebsd.org
12
mediawiki
multiple vulnerabilities
incorrect permission
infinite loop
potential xss
title assumption
file upload
stored xss
unix

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

46.8%

Mediawikwi reports:

(T264765, CVE-2023-PENDING) SECURITY: Users without correct permission
are incorrectly shown MediaWiki:Missing-revision-permission.
(T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for
self-redirects with variants conversion.
(T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped
messages leading to potential XSS.
(T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page
message is assumed to yield a valid title.
(T340221, CVE-2023-PENDING) SECURITY: XSS via
‘youhavenewmessagesmanyusers’ and ‘youhavenewmessages’ messages.
(T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser (“X
intermediate revisions by the same user not shown”) ignores username
suppression.
(T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
file to Special:Upload (non-standard configuration).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmediawiki135< 1.35.13UNKNOWN
FreeBSDanynoarchmediawiki139< 1.39.5UNKNOWN
FreeBSDanynoarchmediawiki140< 1.40.1UNKNOWN

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

46.8%